CVE-2026-2836: Vulnerability in Cloudflare https://github.com/cloudflare/pingora
A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header (authority). Operators relying on the default are vulnerable to cache poisoning, and cross-origin responses may be improperly served to users.
Impact
This vulnerability affects users of Pingora's alpha proxy caching feature who relied on the default CacheKey implementation. An attacker could exploit this for:
* Cross-tenant data leakage: In multi-tenant deployments, poison the cache so that users from one tenant receive cached responses from another tenant
* Cache poisoning attacks: Serve malicious content to legitimate users by poisoning shared cache entries
Cloudflare's CDN infrastructure was not affected by this vulnerability, as Cloudflare's default cache key implementation uses multiple factors to prevent cache key poisoning and never made use of the previously provided default.
Mitigation
We strongly recommend Pingora users to upgrade to Pingora v0.8.0 or higher, which removes the insecure default cache key implementation. Users must now explicitly implement their own callback that includes appropriate factors such as Host header, origin server HTTP scheme, and other attributes their cache should vary on. Pingora users on previous versions may also remove any of their default CacheKey usage and implement their own that should at minimum include the host header / authority and upstream peer’s HTTP scheme.
AI Analysis
Technical Summary
CVE-2026-2836 identifies a cache poisoning vulnerability in the Pingora HTTP proxy framework, specifically in its alpha proxy caching feature's default cache key construction. The vulnerability arises because the default cache key implementation generates keys solely based on the URI path, neglecting the Host header (authority) and other critical request attributes. This flawed design allows attackers to craft requests that cause the proxy to serve cached responses intended for one tenant or origin to another, leading to cross-tenant data leakage and cache poisoning. Such attacks can result in users receiving malicious or unauthorized content, undermining data integrity and confidentiality. The vulnerability affects users of Pingora versions prior to 0.8.0 who have not customized their cache key logic. Cloudflare's CDN infrastructure is unaffected as it employs a more comprehensive cache key strategy that includes multiple request factors, preventing this form of cache poisoning. The vulnerability has a CVSS 4.0 score of 8.4, indicating high severity due to network attack vector, low attack complexity, no privileges required, and no user interaction needed. Mitigation involves upgrading to Pingora v0.8.0 or later, which removes the insecure default cache key implementation, and requires users to explicitly implement cache key callbacks that incorporate the Host header, upstream HTTP scheme, and other relevant attributes to ensure cache keys uniquely identify content per tenant or origin. Users on older versions should remove default cache key usage and implement their own secure cache key logic. No known exploits have been reported in the wild as of the publication date.
Potential Impact
The vulnerability poses significant risks to organizations deploying Pingora's proxy caching in multi-tenant or shared environments. Exploitation can lead to cross-tenant data leakage, where sensitive information intended for one tenant is exposed to others, violating confidentiality and potentially regulatory compliance. Cache poisoning can also enable attackers to serve malicious content to legitimate users, compromising data integrity and potentially leading to further exploitation such as malware delivery or phishing. Since the vulnerability requires no authentication and has low attack complexity, it can be exploited remotely by unauthenticated attackers, increasing the threat surface. Organizations relying on default cache key implementations without customization are particularly vulnerable. Although Cloudflare's CDN is not affected, third-party users of Pingora may face service disruption, reputational damage, and legal consequences if sensitive data is leaked or malicious content is served. The scope is limited to Pingora users who have not upgraded or customized their cache key logic, but given the growing adoption of proxy caching frameworks, the impact could be widespread among affected deployments.
Mitigation Recommendations
1. Upgrade immediately to Pingora version 0.8.0 or later, which removes the insecure default cache key implementation.
2. Implement explicit cache key callbacks that incorporate the Host header (authority), upstream HTTP scheme, and any other relevant request attributes to ensure cache keys uniquely identify cached content per tenant or origin.
3. For users on older versions unable to upgrade immediately, remove any usage of the default CacheKey implementation and replace it with a custom cache key function that includes at minimum the Host header and upstream peer’s HTTP scheme.
4. Conduct thorough testing of cache behavior post-implementation to verify that cross-tenant cache poisoning is mitigated and that cache keys correctly segregate tenant data.
5. Monitor proxy logs for unusual cache hit patterns or anomalies that could indicate attempted cache poisoning.
6. Educate development and operations teams about the risks of default cache key usage and the importance of customizing cache keys in multi-tenant environments.
7. Review and audit other proxy or caching components in the infrastructure for similar cache key construction issues to prevent analogous vulnerabilities.
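The key-construction difference behind recommendations 2 to 4, as an added example that is not Pingora's code or API: a std-only model of a shared cache in which the `Req` struct, the function names and the tenant hostnames are all constructed for illustration. It compares a path-only key with one scoped by upstream scheme and authority, and returns what a second tenant is served after the first tenant's response has been cached.

```rust
use std::collections::HashMap;

// Constructed request model; field names are assumptions, not Pingora types.
pub struct Req<'a> {
    pub scheme: &'a str, // upstream peer's HTTP scheme
    pub host: &'a str,   // Host header / authority
    pub path: &'a str,   // URI path
}

// Weak key: URI path only, the behaviour the advisory describes for the old default.
pub fn path_only_key(r: &Req) -> String {
    r.path.to_string()
}

// Scoped key: scheme + normalized authority + path.
pub fn scoped_key(r: &Req) -> String {
    // Host names are case-insensitive; normalize so equivalent hosts share one entry.
    let host = r.host.trim_end_matches('.').to_ascii_lowercase();
    let scheme = r.scheme.to_ascii_lowercase();
    // Length-prefix each field so one component cannot spill into its neighbour.
    format!("{}:{}|{}:{}|{}", scheme.len(), scheme, host.len(), host, r.path)
}

// Serve from the cache, filling it from a stand-in origin on a miss.
pub fn fetch(cache: &mut HashMap<String, String>, key_fn: fn(&Req) -> String, r: &Req) -> String {
    cache
        .entry(key_fn(r))
        .or_insert_with(|| format!("body-for-{}://{}{}", r.scheme, r.host, r.path))
        .clone()
}

// What tenant B receives for /account after tenant A's response was cached first.
pub fn second_tenant_sees(key_fn: fn(&Req) -> String) -> String {
    let mut cache = HashMap::new();
    let a = Req { scheme: "https", host: "tenant-a.example", path: "/account" };
    let b = Req { scheme: "https", host: "tenant-b.example", path: "/account" };
    fetch(&mut cache, key_fn, &a);
    fetch(&mut cache, key_fn, &b)
}

fn main() {
    println!("path-only key: {}", second_tenant_sees(path_only_key));
    println!("scoped key:    {}", second_tenant_sees(scoped_key));
}
```

The same two-tenant check works as a regression test against a real deployment's own key callback, which is the verification step recommendation 4 asks for.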
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Netherlands, France, Japan, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: cloudflare
- Date Reserved: 2026-02-19T21:33:42.425Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69a8c847d1a09e29cb860502
Added to database: 3/5/2026, 12:03:19 AM
Last enriched: 3/12/2026, 8:22:40 PM
Last updated: 4/19/2026, 7:34:53 AM